Trojan.Nanocore

By CagedTech in Trojans

Threat Scorecard

Ranking: 4,697
Threat Level: 80 % (High)
Infected Computers: 22,492
First Seen: July 27, 2015
Last Seen: September 20, 2023
OS(es) Affected: Windows

Trojan.Nanocore is a dangerous threat that leverages remote access tool/remote administration tool (RAT) functions to attack a vulnerable computer. The Nanocore threat is usually identified as sneaky malware that may load on a computer where it runs in the background undetected. Such an action is a common characteristic of Trojan horse threats, and its ability to connect to remote sources or hackers is the RAT side of its source code.

Nanocore may load on a computer and then seek out data stored on the infected computer’s hard drive where it may transmit or allow a remote attacker to access the data. Such actions may take place all without any indication to the computer user, which makes Nanocore extremely dangerous.

In most cases, Nanocore will spread primarily through spam campaigns leveraging spam email attachments that otherwise look like harmless files in the for of either PDFs, MS office documents, photo files, or even executable files. Unsuspecting computer users may receive a spam message containing Nanocore that appears to be an enticing email from an alleged trusted source.

When loaded, Nanocore may hide under an unsuspecting file running within the Windows operating system. Simply stopping the process of the Nanocore file and deleting it may not completely eliminate the Nanocore threat from an infected system.

Those who may suspect their system encountering Nanocore will want to promptly utilize an antimalware resource to safely identify the Nanocore threat and allow it to be automatically removed from the infected system. Prompt removal of Nanocore will help ensure that personal data is not stolen and exploited, which can lead to many other issues, such as Identity theft.

SpyHunter Detects & Remove Trojan.Nanocore

File System Details

Trojan.Nanocore may create the following file(s):
# File Name MD5 Detections
1. file.exe f87b6ea2c3fedfd64be3286511cdf08d 18
2. lantern.exe 0b9673f415a57e85be632b45caf3277b 3
3. file.exe fcd65f38caa488c0c6998a37aa5ed90f 2
4. nvdisplay.containerlocalsystem.log bf5c83624d7c6da5e0de6f5a7c523429 2
5. file.exe e932ab121b335964e032dd360793399e 1
6. Hostnet.exe 1ed4196a7a4780dd900d57d5d1cfdebd 1
7. file.exe 25d7ebac7114de99058360ea17dcc4cf 1
8. Zcgsfujflba.exe 6d0f7f521401804aef80442913fce369 1
9. firefox.exe c4426ddc844a2acd9f0c9a1706eb6253 1
10. file.exe 21b49edd429068c13c0acc7365507ca6 0
11. file.exe 887c9180ed1cec75fe9a6c4cf464c8fd 0
12. file.exe 6fc685a7a9c1006baee0ee014ea37091 0
13. file.exe a92a72365ec6e3c815455b53f9e7851f 0
14. file.exe d0b7bffe88da7bdb11d08a5098188266 0
15. file.exe 6463072d03dc8db5ac97491d7f9cd35c 0
16. file.exe 44a1e298fa9218f521de9dcbc927d193 0
17. file.exe f500fd2dd3baa98195bb3a833ec56fba 0
18. file.exe b443b6b2fe8161435dd99f0641f712fd 0
19. file.exe 67152bb96d4e0ee6d2fb28c083e4629e 0
20. file.exe 33d211cb9d6389199c3828284c865c00 0
21. file.exe ed4db59fe214cf6b5c25459b5eb5e004 0
22. file.exe 5dbae147668cc707efbba1ff4dbd2ccb 0
23. file.exe 592fe1789018efbfff53093bbd04a367 0
24. file.exe d66e8a3b8c6b3160ee0ad5340c590a4f 0
25. file.exe b99906913dba84d7c5901ed186326eea 0
26. f81f76a5a3359095e4967bcd4248b96d f81f76a5a3359095e4967bcd4248b96d 0
27. file.exe e31d5a6100910b95a8ea8b53e6853a71 0
28. 733664ee445129ed76e8397b4f8929d2 733664ee445129ed76e8397b4f8929d2 0
29. file.exe 6d9e987b193c1b78aaddaa86b17e0a58 0
More files

Registry Details

Trojan.Nanocore may create the following registry entry or registry entries:
Regexp file mask
%APPDATA%\Fonts\dll[RANDOM CHARACTERS]host.exe
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Client.exe
%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\scvhost.url
%PROGRAMFILES%\ARP Service\arpsvc.exe
%PROGRAMFILES(x86)%\AGP Service\agpsvc.exe
%PROGRAMFILES(x86)%\ARP Service\arpsvc.exe
%TEMP%\tmp.exe
%TEMP%\win\filename.vbs
%USERPROFILE%\chrome.exe

Directories

Trojan.Nanocore may create the following directory or directories:

%APPDATA%\browserrr

1 Comment

help me every single time I try to deleat the file it leads me to this file named version

Trending

Most Viewed

Loading...